Compare commits
3 Commits
026fe8757e
...
d3684274e3
Author | SHA1 | Date | |
---|---|---|---|
d3684274e3 | |||
91ec2a4c86 | |||
62eeabff2b |
35
Dockerfile
35
Dockerfile
@ -1,33 +1,33 @@
|
||||
FROM docker.io/rockdrilla/angie-conv:v0.0.1-deps AS deps
|
||||
ARG IMAGE_VERSION
|
||||
FROM docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-deps AS deps
|
||||
|
||||
## ---
|
||||
|
||||
FROM deps AS certs
|
||||
FROM deps AS setup
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /scripts/* /usr/local/sbin/
|
||||
COPY /extra-scripts/* /usr/local/sbin/
|
||||
|
||||
## consult https://github.com/certifi/python-certifi/
|
||||
ENV CERTIFI_COMMIT=bd8153872e9c6fc98f4023df9c2deaffea2fa463
|
||||
ADD https://angie.software/keys/angie-signing.gpg /tmp/angie.gpg.bin
|
||||
COPY /apt/sources.angie /etc/apt/sources.list.d/angie.txt
|
||||
|
||||
RUN apt-install.sh ca-certificates ; \
|
||||
## process certifi
|
||||
ca_file='/etc/ssl/certs/ca-certificates.crt' ; \
|
||||
openssl-cert-fingerprint.sh "${ca_file}" | sort -uV > "${ca_file}.fp.orig" ; \
|
||||
ls -l "${ca_file}" ; \
|
||||
certifi-extras.sh ; \
|
||||
openssl-cert-fingerprint.sh "${ca_file}" | sort -uV > "${ca_file}.fp" ; \
|
||||
chmod 0444 "${ca_file}" "${ca_file}.fp" "${ca_file}.fp.orig" ; \
|
||||
ls -l "${ca_file}" "${ca_file}.fp" "${ca_file}.fp.orig"
|
||||
RUN pkg='gnupg' ; \
|
||||
apt-install.sh ${pkg} ; \
|
||||
## process Angie GPG keyring / APT sources
|
||||
gpg-export.sh /tmp/angie.gpg.bin /etc/apt/keyrings/angie.gpg.asc ; \
|
||||
rm -f /tmp/angie.gpg.bin ; \
|
||||
env -C /etc/apt/sources.list.d mv angie.txt angie.sources ; \
|
||||
## verify sources!
|
||||
apt-env.sh apt-get update ; \
|
||||
apt-remove.sh ${pkg} ; \
|
||||
apt-clean.sh
|
||||
|
||||
## ---
|
||||
|
||||
FROM deps AS pycache
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
|
||||
COPY /scripts/* /usr/local/sbin/
|
||||
COPY /extra-scripts/* /usr/local/sbin/
|
||||
|
||||
@ -73,7 +73,8 @@ SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /Dockerfile /usr/local/share/
|
||||
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
|
||||
COPY --from=setup /etc/apt/keyrings/angie.gpg.asc /etc/apt/keyrings/
|
||||
COPY --from=setup /etc/apt/sources.list.d/angie.sources /etc/apt/sources.list.d/
|
||||
|
||||
## RFC: Python cache
|
||||
## TODO: reduce load by selecting only __pycache__ directories in either way
|
||||
@ -109,7 +110,7 @@ RUN apt-install.sh angie ; \
|
||||
fi
|
||||
|
||||
## preserve snippets from Angie config directory
|
||||
## ref: https://git.angie.software/web-server/angie/src/tag/Angie-1.6.2/conf
|
||||
## ref: https://git.angie.software/web-server/angie/src/tag/Angie-1.7.0/conf
|
||||
RUN d=/etc/angie ; t=$(mktemp -d) ; \
|
||||
tar -C "$d" -cf - \
|
||||
fastcgi_params \
|
||||
|
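Review bot: The `ADD https://angie.software/keys/angie-signing.gpg /tmp/angie.gpg.bin` line in the `setup` stage (new side of the first hunk, going by the hunk counts) accepts whatever the server returns at build time, and `gpg-export.sh` then installs it as the APT trust anchor at `/etc/apt/keyrings/angie.gpg.asc`. Nothing visible pins the key, so the `## verify sources!` step only proves the repository is signed by whichever key was downloaded. Pin it with `ADD --checksum=sha256:<pinned-digest> …` if the builder in use supports that flag, or compare the exported key's fingerprint against a value kept in the repository before the `mv angie.txt angie.sources` step. The same applies to `ADD "${CERTIFI_URI}" /tmp/certifi.crt` in the base Dockerfile section further down, where the commit in the URL is pinned but `ARG CERTIFI_URI` lets a build argument replace the whole URL.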
@ -2,7 +2,7 @@
|
||||
ARG PYTHONTAG=3.11.10-slim-bookworm
|
||||
FROM docker.io/python:${PYTHONTAG} AS base-upstream
|
||||
|
||||
FROM base-upstream AS base
|
||||
FROM base-upstream AS base-intermediate
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /Dockerfile.base /usr/local/share/
|
||||
@ -223,5 +223,39 @@ RUN find /usr/local/sbin/ ! -type d -ls -delete ; \
|
||||
find /run/ -mindepth 1 -ls -delete || : ; \
|
||||
install -d -m 01777 /run/lock
|
||||
|
||||
## ---
|
||||
|
||||
FROM base-intermediate AS certs
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /scripts/* /usr/local/sbin/
|
||||
COPY /extra-scripts/* /usr/local/sbin/
|
||||
|
||||
## "2024.08.30"
|
||||
ENV CERTIFI_COMMIT=325c2fde4f8eec10d682b09f3b0414dc05e69a81
|
||||
|
||||
# 'https://raw.githubusercontent.com/certifi/python-certifi'
|
||||
ARG CERTIFI_BASE_URI='https://github.com/certifi/python-certifi/raw'
|
||||
|
||||
ARG CERTIFI_URI="${CERTIFI_BASE_URI}/${CERTIFI_COMMIT}/certifi/cacert.pem"
|
||||
ADD "${CERTIFI_URI}" /tmp/certifi.crt
|
||||
|
||||
RUN apt-install.sh ca-certificates ; \
|
||||
apt-clean.sh ; \
|
||||
ca_file='/etc/ssl/certs/ca-certificates.crt' ; \
|
||||
ls -l "${ca_file}" ; \
|
||||
## process certifi
|
||||
certifi-extras.sh /tmp/certifi.crt ; \
|
||||
openssl-cert-auto-pem.sh "${ca_file}" "${ca_file}.new" "${ca_file}.fp" ; \
|
||||
mv -f "${ca_file}.new" "${ca_file}" ; \
|
||||
chmod 0444 "${ca_file}" "${ca_file}.fp" ; \
|
||||
ls -l "${ca_file}" "${ca_file}.fp"
|
||||
|
||||
## ---
|
||||
|
||||
FROM base-intermediate AS base
|
||||
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.* /etc/ssl/certs/
|
||||
|
||||
ENTRYPOINT [ ]
|
||||
CMD [ "bash" ]
|
||||
|
@ -1,28 +1,16 @@
|
||||
FROM docker.io/rockdrilla/angie-conv:v0.0.1-base AS base
|
||||
ARG IMAGE_VERSION
|
||||
FROM docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-base AS base
|
||||
|
||||
## ---
|
||||
|
||||
FROM base AS setup
|
||||
FROM base AS build
|
||||
SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /scripts/* /usr/local/sbin/
|
||||
COPY /extra-scripts/* /usr/local/sbin/
|
||||
|
||||
ADD https://angie.software/keys/angie-signing.gpg /tmp/angie.gpg.bin
|
||||
COPY /apt/sources.angie /etc/apt/sources.list.d/angie.txt
|
||||
COPY /requirements.txt /tmp/
|
||||
|
||||
RUN pkg='gnupg' ; \
|
||||
apt-install.sh ${pkg} ; \
|
||||
## process Angie GPG keyring / APT sources
|
||||
gpg-export.sh /tmp/angie.gpg.bin /etc/apt/keyrings/angie.gpg.asc ; \
|
||||
rm -f /tmp/angie.gpg.bin ; \
|
||||
env -C /etc/apt/sources.list.d mv angie.txt angie.sources ; \
|
||||
## verify sources!
|
||||
apt-env.sh apt-get update ; \
|
||||
apt-remove.sh ${pkg} ; \
|
||||
apt-clean.sh
|
||||
|
||||
ENV INSTALL_WHEELS='jinja2 netaddr psutil pyyaml wcmatch'
|
||||
ENV DEV_PACKAGES='libyaml-dev'
|
||||
# markupsafe, psutil
|
||||
ENV CIBUILDWHEEL=1
|
||||
@ -42,7 +30,7 @@ RUN w=$(mktemp -d) ; : "${w:?}" ; \
|
||||
rm -rf "$w/" ; unset w ; \
|
||||
apt-install.sh build-essential ; \
|
||||
pip-env.sh pip install 'cython' ; \
|
||||
pip-env.sh pip install --no-binary :all: ${INSTALL_WHEELS} ; \
|
||||
pip-env.sh pip install --no-binary :all: -r /tmp/requirements.txt ; \
|
||||
pip-env.sh pip uninstall -y 'cython' ; \
|
||||
python-rm-cache.sh "${PYTHON_SITE_PACKAGES}" ; \
|
||||
rm -rf \
|
||||
@ -66,12 +54,9 @@ SHELL [ "/bin/sh", "-ec" ]
|
||||
|
||||
COPY /Dockerfile.deps /usr/local/share/
|
||||
|
||||
COPY --from=setup /etc/apt/keyrings/angie.gpg.asc /etc/apt/keyrings/
|
||||
COPY --from=setup /etc/apt/sources.list.d/angie.sources /etc/apt/sources.list.d/
|
||||
|
||||
## Python: site-packages
|
||||
COPY --from=setup /usr/local/bin/ /usr/local/bin/
|
||||
COPY --from=setup /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/
|
||||
COPY --from=build /usr/local/bin/ /usr/local/bin/
|
||||
COPY --from=build /${PYTHON_SITE_PACKAGES}/ /${PYTHON_SITE_PACKAGES}/
|
||||
|
||||
COPY /scripts/* /usr/local/sbin/
|
||||
|
||||
|
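Review bot: `ARG IMAGE_VERSION` is declared without a default, so a build that does not pass `--build-arg IMAGE_VERSION=…` resolves the base to `docker.io/rockdrilla/angie-conv:-base`, which is not a valid image reference. The deps and image build scripts on this page do pass the argument, but a direct `buildah bud -f` on this file should then fail with a reference error rather than a message about the missing argument. The top-level Dockerfile has the same `ARG`/`FROM` pair with `-deps`. Either use the scripts' default, `ARG IMAGE_VERSION=v0.0.1`, or add a comment above it such as `## required: --build-arg IMAGE_VERSION=<tag> (set by the build scripts)`.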
@ -2,6 +2,8 @@
|
||||
set -ef
|
||||
cd "$(dirname "$0")/.."
|
||||
|
||||
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
|
||||
|
||||
set -a
|
||||
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"
|
||||
BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
|
||||
@ -27,7 +29,7 @@ grab_site_packages() {
|
||||
PYTHON_SITE_PACKAGES=$(grab_site_packages "docker.io/python:${PYTHONTAG}")
|
||||
[ -n "${PYTHON_SITE_PACKAGES:?}" ]
|
||||
|
||||
img="docker.io/rockdrilla/angie-conv:v0.0.1-base"
|
||||
img="docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-base"
|
||||
|
||||
buildah bud --network="${BUILDAH_NETWORK}" \
|
||||
-f ./Dockerfile.base \
|
||||
|
@ -2,15 +2,18 @@
|
||||
set -ef
|
||||
cd "$(dirname "$0")/.."
|
||||
|
||||
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
|
||||
|
||||
set -a
|
||||
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"
|
||||
BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
|
||||
BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}"
|
||||
set +a
|
||||
|
||||
img="docker.io/rockdrilla/angie-conv:v0.0.1-deps"
|
||||
img="docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-deps"
|
||||
|
||||
exec buildah bud \
|
||||
-f ./Dockerfile.deps \
|
||||
-t "${img}" \
|
||||
--pull=missing --no-cache
|
||||
--pull=missing --no-cache \
|
||||
--build-arg "IMAGE_VERSION=${IMAGE_VERSION}" \
|
||||
|
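Review bot: As rendered, the last added line `--build-arg "IMAGE_VERSION=${IMAGE_VERSION}" \` ends with a continuation backslash and the hunk shows no line after it, which suggests this is the end of the file. A dangling continuation there is fragile: its effect depends on whether the file ends in a newline, and the next line anyone appends is silently absorbed into the `buildah bud` command. Drop the trailing ` \` from the final argument. The last hunk of the image build script ends the same way.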
@ -2,13 +2,15 @@
|
||||
set -ef
|
||||
cd "$(dirname "$0")/.."
|
||||
|
||||
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
|
||||
|
||||
set -a
|
||||
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"
|
||||
BUILDAH_ISOLATION="${BUILDAH_ISOLATION:-chroot}"
|
||||
BUILDAH_NETWORK="${BUILDAH_NETWORK:-host}"
|
||||
set +a
|
||||
|
||||
ANGIE_VERSION="${ANGIE_VERSION:-1.6.2}"
|
||||
ANGIE_VERSION="${ANGIE_VERSION:-1.7.0}"
|
||||
|
||||
## likely the same as in https://pkg.go.dev/strconv#ParseBool
|
||||
gobool_to_int() {
|
||||
@ -21,10 +23,10 @@ gobool_to_int() {
|
||||
esac
|
||||
}
|
||||
|
||||
NGX_DEBUG=$(gobool_to_int "${1:-0}" 0)
|
||||
NGX_DEBUG=$(gobool_to_int "${NGX_DEBUG:-0}" 0)
|
||||
case "${NGX_DEBUG}" in
|
||||
0 ) img="docker.io/rockdrilla/angie-conv:v0.0.1-${ANGIE_VERSION}" ;;
|
||||
1 ) img="docker.io/rockdrilla/angie-conv:v0.0.1-${ANGIE_VERSION}-debug" ;;
|
||||
0 ) img="docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-${ANGIE_VERSION}" ;;
|
||||
1 ) img="docker.io/rockdrilla/angie-conv:${IMAGE_VERSION}-${ANGIE_VERSION}-debug" ;;
|
||||
esac
|
||||
|
||||
exec buildah bud \
|
||||
@ -32,4 +34,5 @@ exec buildah bud \
|
||||
-t "${img}" \
|
||||
--env "ANGIE_VERSION=${ANGIE_VERSION}" \
|
||||
--env "NGX_DEBUG=${NGX_DEBUG}" \
|
||||
--pull=missing --no-cache
|
||||
--pull=missing --no-cache \
|
||||
--build-arg "IMAGE_VERSION=${IMAGE_VERSION}" \
|
||||
|
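Review bot: `NGX_DEBUG=$(gobool_to_int "${NGX_DEBUG:-0}" 0)` (the second of the two printed lines, which I read as the new side) moves the debug switch from the first positional argument to the environment. An existing caller that still runs the script with `1` as its argument would now get the non-debug image with no error, unless the argument is consumed somewhere outside the visible hunks. Reject leftover arguments before this line, for example `[ $# -eq 0 ] || { echo "usage: NGX_DEBUG=1 $0" >&2 ; exit 2 ; }`, or keep the old form as a fallback with `"${NGX_DEBUG:-${1:-0}}"`. The body of gobool_to_int is mostly outside the hunks, so how it treats unexpected values is not reviewed here.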
@ -4,3 +4,4 @@
|
||||
- [static site with templates](static-template/README.md)
|
||||
- [print env via NJS](njs/README.md)
|
||||
- [print env via Perl](perl/README.md)
|
||||
- [SSL with subdomains](ssl/README.md)
|
||||
|
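--- a/doc/examples/ssl/Dockerfile
+++ b/doc/examples/ssl/Dockerfile
@@ -0,0 +1,16 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+SHELL [ "/bin/sh", "-ec" ]
+
+COPY /site/ /etc/angie/site/
+COPY /static/ /etc/angie/static/
+COPY /tls/ /etc/angie/tls/
+
+ENV NGX_HTTP_CONFLOAD='ssl'
+
+## same as above (adjusted to above variant by entrypoint):
+## ENV NGX_HTTP_MODULES='ssl'
+
+## serve with HTTP/2 (disabled by default):
+## ENV NGX_HTTP_CONFLOAD='ssl v2'
+## or
+## ENV NGX_HTTP_MODULES='ssl v2'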
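Review bot: `COPY /tls/ /etc/angie/tls/` bakes the server private key (`example.org.pem` in the `tls/` directory added by this commit) into an image layer, where anyone who can pull the image can read it. That is harmless for the throwaway demo keys committed here, but readers will copy this file as a template, so it should say so. Add a comment above the line such as `## demo only: mount real keys at run time (volume or secret) instead of copying them into the image`. `SHELL [ "/bin/sh", "-ec" ]` is also unused, because the file has no `RUN` step.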
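--- a/doc/examples/ssl/README.md
+++ b/doc/examples/ssl/README.md
@@ -0,0 +1,52 @@
+# SSL with subdomains
+
+configuration:
+
+```nginx
+server {
+listen 8443 ssl;
+
+server_name example.org;
+
+ssl_certificate tls.d/example.org.chain.crt;
+ssl_certificate_key tls.d/example.org.pem;
+
+root static.d/example.org;
+}
+```
+
+Dockerfile:
+
+```dockerfile
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/ /etc/angie/site/
+COPY /static/ /etc/angie/static/
+COPY /tls/ /etc/angie/tls/
+
+ENV NGX_HTTP_CONFLOAD='ssl'
+```
+
+Optional cut-off SSL server block:
+
+```nginx
+server {
+listen 8443 ssl default_server bind deferred;
+
+server_name _;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+
+## reject connections early
+ssl_reject_handshake on;
+}
+```
+
+Test URI e.g. with `curl`:
+```sh
+curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve example.org:8443:127.0.0.1 https://example.org:8443/
+
+curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve www.example.org:8443:127.0.0.1 https://www.example.org:8443/
+
+curl --cacert ./tls/ca/root-ca.crt --capath /nonexistent --resolve test.example.org:8443:127.0.0.1 https://test.example.org:8443/
+```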
19
doc/examples/ssl/demo-ca/0-CA-Root.crt
Normal file
19
doc/examples/ssl/demo-ca/0-CA-Root.crt
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBjCCAe6gAwIBAgIITliyKcJbVmEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
|
||||
AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNjA5MTgyMzU5NTlaMBIxEDAO
|
||||
BgNVBAMTB0NBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP
|
||||
0HWgtUwQ+OMm30ANf8Iy4H3tfGnfrDd4oQXqMjuW6Eh0nxzlWMIcvrN1l2Y2QscI
|
||||
i+/6CNq6tirbkN3PIYFdboejROXPDRsh7ck+92PyJiEcbK0SbI/S/3bKGpeqmTy+
|
||||
HvbkMvzlUJ/+SH6FgU3sCkYga43QDE8DT3PRf0zd7mBF2ij/OXtv69JehdTJBDa2
|
||||
hW09Ivjfq5cHoMIEfIvTp8847TGIQDqU8k1N8A5brrU+2gHJ+H3GoV09ej5/cv6Q
|
||||
9FU9DE/mTW7iDHjNVNgq4JQXJWyCYH6TfoKet+/8Q1odhe+4dG22lO6EgHdp5IIN
|
||||
J5322FKKsuwZ1JhA/ZJ9AgMBAAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
|
||||
BBYEFDHRuuHS1LwoRcTtUhLcp+DaEa/IMAsGA1UdDwQEAwIBBjAfBgNVHSUEGDAW
|
||||
BgorBgEEAYI3CgMBBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAxRGAJ3nV
|
||||
/ycyml5mm4q330Mnsa8Rc0DoVaQXfEyIIBkgYD2dIhvjnA5cK6AVStAJ/16lx77T
|
||||
v5bG5/AyC2D7ISd8PLcpWrAtxo06cYM3OJjpWwl18oH1tS1L2hi6L8I2LNkW4TKQ
|
||||
yFjRCYJvsM2QUnRL99S4JKiXACDMCTP/ZP87fQvmfi4lXCnUlQqgtnCq0+iCwXVJ
|
||||
oR1SdOrmPz/NI23RA41U15LePwFuK5cTE0WhtyZej8ksv6V+5Z1aiIBTt/cMl+KH
|
||||
2K9dmO+dNp1DJeSaeH+8rsDd44FkPvDi1nMjm4G51U2JVrbjift70DM/Ia/DPH72
|
||||
bYJLgeFDhdfzMg==
|
||||
-----END CERTIFICATE-----
|
27
doc/examples/ssl/demo-ca/0-CA-Root.key
Normal file
27
doc/examples/ssl/demo-ca/0-CA-Root.key
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAz9B1oLVMEPjjJt9ADX/CMuB97Xxp36w3eKEF6jI7luhIdJ8c
|
||||
5VjCHL6zdZdmNkLHCIvv+gjaurYq25DdzyGBXW6Ho0Tlzw0bIe3JPvdj8iYhHGyt
|
||||
EmyP0v92yhqXqpk8vh725DL85VCf/kh+hYFN7ApGIGuN0AxPA09z0X9M3e5gRdoo
|
||||
/zl7b+vSXoXUyQQ2toVtPSL436uXB6DCBHyL06fPOO0xiEA6lPJNTfAOW661PtoB
|
||||
yfh9xqFdPXo+f3L+kPRVPQxP5k1u4gx4zVTYKuCUFyVsgmB+k36Cnrfv/ENaHYXv
|
||||
uHRttpTuhIB3aeSCDSed9thSirLsGdSYQP2SfQIDAQABAoIBADAlMD9DiWQsOToO
|
||||
AlGuTeBKHLqato+cnzxZ99wWd7JCTdkA7OmgitYsgzik0wgSp/htrTL8/qm/nwW/
|
||||
1feRIF60RwXXJjO2KllNtPBa0cOtvEGQ1vb8AkUkrNFtYEJknotAcrwTKP56k5qO
|
||||
kotdFd+v0KfdqxzuYRbX/zHjv3vxvQ/GxPAjyliAfrY+kt4I7tL30ZSCnLbmUEE5
|
||||
22v5zAeehi5QnFx6P3jnuv6f5Nn84fl0BV5xHOVrAj3WHRVb5UiHrZc1N+A2hKAC
|
||||
5SPYwLpf5RYQ4oJFCeUL3zZSSCSQnwa3jcSmCMV3flqL7ZsDI+EWJ9PwAEb1t7HF
|
||||
gCAF1skCgYEA+iXXOB0IR5N1nHVVGUWJSCL8JihDE/xyw1EbXGJPfz2648R7sOEq
|
||||
RqjnUNa7ODPlZ09Mf0zFhbWxAVEw4lCH++ZHCAw5JQ8mWCXwqd4zbcjJ6jzHtnn5
|
||||
U7JoEwPfPXZ5bx1avSaXHoOjgHXeGCMuLEF2faJd8iqnGh9epGq4PEkCgYEA1K0U
|
||||
SovG/1OoJw13LK5BQhSdcko5B03kAKROMVA6tvOekCYGC+MAqJtj/+lxkbLlTEtr
|
||||
FUzFdAIv+djU7yd0CxGcsiic25AKUq/Ko3Etxe89agpI3I+kSfb2zzOiRqAPyYBP
|
||||
AF9Crm6uJFZdATc2j/60DIElFlhD2qdDO6rWnJUCgYAhQqrNMT8KlVbMCOXZyF8q
|
||||
kkxIno3cuHJh+gTTUdcUKhcRdeykZiwC3S50lzipjmzwQaEARCr3TmNMs4j2bpLG
|
||||
MaY8MbPfc5Y7nj/TtlHMRShj1tUPNESslko0TQ1/1KLs3VBVWi45xnMU/5caSoM3
|
||||
KzUgG1i2fGlfldA1uGLq0QKBgFENuasDhI7wwihIEIBd1Q8rLipNsVhgTiIUfJx8
|
||||
uDPbuzWy2CEVnb2ko0L4JElkBdHC+IfAn4wr/T7abaTLw4UobDDWG5nuVpDW4ILT
|
||||
8p76I8zTKJuuvu1VixDC2/jQrdOc6/73T0GNex7sLzv0X/4XE2Wkno7aitm9X3lR
|
||||
DcPVAoGAUvleRG0hFMOFJH6jdX61/FW9tPZc+nPY3JXNYVvQLj9oEArgoT6crKfa
|
||||
cBgRLYd3AZUfz6CY+8Ln81oNKWM2iTkv/+y8Mtt35r1+GeBHXvfgsDcJmKsaZ+Oh
|
||||
/avdDrMT9UnLbIImYmhmixrMrypGtBMN5f2EVQZmk2CGe1lG5rw=
|
||||
-----END RSA PRIVATE KEY-----
|
19
doc/examples/ssl/demo-ca/1-CA-Internal.crt
Normal file
19
doc/examples/ssl/demo-ca/1-CA-Internal.crt
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
|
||||
AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
|
||||
BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||
AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
|
||||
Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
|
||||
3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
|
||||
RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
|
||||
jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
|
||||
xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
|
||||
BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
|
||||
vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
|
||||
AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
|
||||
taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
|
||||
x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
|
||||
XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
|
||||
3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
|
||||
15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
|
||||
-----END CERTIFICATE-----
|
27
doc/examples/ssl/demo-ca/1-CA-Internal.key
Normal file
27
doc/examples/ssl/demo-ca/1-CA-Internal.key
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1
|
||||
mINw3442HcrhNij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdD
|
||||
huksbrIApQow3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVA
|
||||
DJ7rmPSoZSa/RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh7
|
||||
8KA6LuECUDX9jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzB
|
||||
o6szAeyIKzkkxOjppCNz2Uou3UsVEVyCA6GAjQIDAQABAoIBABwMEkeGBuvHz4Th
|
||||
KvpQ3c0DNqM/02PPP9E0HZQuXeEEMAkz2Cfv7KF1YP8hRkIQfzlK7vQqu41tc6qz
|
||||
+UawNe+5IQ2IQUNOz+1lnaoWrHdod6T2c5iwc4ywGcy4fvO7XVAS1KAgjcOlLSzD
|
||||
fny6w+EHCCMvle7N44/7Yik6vFbbcThUiaHhg52rfWVkxydEzSRLj/SnBwQTGuk2
|
||||
vE/N2W3OkRWGpKmdjnrRsCJhF3XbHBqMQq9NoTxRUV9Uil2iGIvggW4cqT6hc0w6
|
||||
gC+P/9/5atpOlbtKgEDMCMUM+ltwgDN12SnYwJDbp/pXNm6v7818bccueJ+W8KTX
|
||||
kgRyF9ECgYEA+7/nRzFrFAkXItlASjuhtbachwu0bXBBYJMADHtN5V8scosX43vp
|
||||
0Q150W6b8pJB/HYCrCpVv+9tSlT20PPwQR/UcpZKrEWkuAcNjQs/UNSRuZ2qyibc
|
||||
nIp+jk9Rdt86BEj5UFmiylIUnHsHgW6O3tE+phedK0zH11d6mdwzT1kCgYEAtkt6
|
||||
GZpFnmH8VFOoU006fPPETVnNNSNkn4ysNHzRC1OBDynWhiFWUW+23SdRaayCYTl9
|
||||
IWpUTRVuW8Y4B1qO+rUd1C68+p8FlIaFFIT5Z1bCJ7e/M0hl6TSuIhrNa/ItUmEB
|
||||
Ax330guUVr9IIGZiROliIcSdoGf9T9UqhvG8aFUCgYAmZt6TuJEZ7E0QLs2kxTXk
|
||||
rydvXjS2oPIIFkRiowh93ae9DUSmmcdP8VtMvC+jr/XK2gGMW6Ta813bgdxogV17
|
||||
waw5kn1vi+wVelXx1u5gmRxlkQx1a7opUuL9OFI37NM/xhXp0NKJRD4KpKW/c6rt
|
||||
iEOjOGTsLvko+xojkDhveQKBgFY9Rrot/Zl8CX9rREqEUpMiT0+4mBf3cnb4ec8q
|
||||
7UpKatfdlxtFUiyciQn+u8keT1/nbocMYm1FIjxQfdkcwl9gp4flxIlcCavGJ9cZ
|
||||
QVPd+2QGzXFZYrz8qxR/UYcrvr0mHvB2kPLRf4+6VkjdpserET2gYmGsUG4gDkpg
|
||||
uh0xAoGBAOcZk8EGQUiesG8mk3r1ylVpxjlpbVyQ0dwuehSsyKqYlFDAF/TWF6EQ
|
||||
1k1GjwjXZmL5FuOhW1Ozh5m1kkg0tBW2jCevniRzLrUzBFRImuwfrOHH6FYyXBBs
|
||||
q3+fn1htEiDB3xelFGPyFEMzUrEvUQNU3jkiypR8JNPoE09X5XtD
|
||||
-----END RSA PRIVATE KEY-----
|
21
doc/examples/ssl/demo-ca/2-example.org.crt
Normal file
21
doc/examples/ssl/demo-ca/2-example.org.crt
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDXTCCAkWgAwIBAgIIKr9NphMObcAwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
|
||||
AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAW
|
||||
MRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAJ+WCrO6ML91DNYfgzrc6XiZvOFNxBfbuPkPdFw6dx4wwJCFg0VcdH1W
|
||||
BpVMMvczlntphpARGZ+bsktKRhsbDHNfbExo6Sn6b0x/xnUkFg34ukYhRdFs+xHC
|
||||
/PO9t2a9LDcMsBr0yLBugbMYGZj2Ln+sp478aKyWNkQLBKOEfeijtg3qrIx0B/we
|
||||
vd8Tx49ahQYB8XELiZa1mntqRpHewMr+ul6sf5z6JR3Jrokvzu7kGLjt1FN1VAQR
|
||||
pkzqNYJX/vUJ3KIdZxWHyzyoIbra/VjeP/POIY22eQGDWwbg9sNVUyVKFPzkaSwV
|
||||
+BAytQiEn2cEQtmxoPZ+iLkyiGgGFWUCAwEAAaOBrjCBqzAMBgNVHRMBAf8EAjAA
|
||||
MB0GA1UdDgQWBBRrZV8OY2075agO7UQfsDcPKmt87TAfBgNVHSMEGDAWgBRKxJqX
|
||||
F5NjWqa8UsgshLeBnjKcYzALBgNVHQ8EBAMCA/gwJwYDVR0lBCAwHgYIKwYBBQUH
|
||||
AwEGCCsGAQUFBwMCBggrBgEFBQcDCDAlBgNVHREEHjAcggtleGFtcGxlLm9yZ4IN
|
||||
Ki5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEApijiwX+Y6XR25Z0yyv9P
|
||||
gAkZkE+X/rQuk+9PyuSXLWUg9x0p3G0RUwPHHwiUpYHnTmAf3iKoPHLltX+KxqkO
|
||||
W3Kx07TId5FmK8UrCZ+Xs1yuvMHtwdAvf8DA8QCaWSa8N9QeYmbzArjM8035j16+
|
||||
rFiMaO8mLEftqnVZksYt3pPWsus0UnhK9gnTw9PSxqWpC1EoTyiuDwTLdVqqYAeM
|
||||
oqqdpHfSFPBXmCRZc5dbptnrJmLiMHoVeeKjdYXLr1GgIVYPN+Dbldwb8gcIQ+TM
|
||||
zN+J7p0W7rHhsGSleackNlWWfodjnc0WHZWkyplg4W48V6KbLxsK+LOpvnuoy+mu
|
||||
vw==
|
||||
-----END CERTIFICATE-----
|
27
doc/examples/ssl/demo-ca/2-example.org.pem
Normal file
27
doc/examples/ssl/demo-ca/2-example.org.pem
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAn5YKs7owv3UM1h+DOtzpeJm84U3EF9u4+Q90XDp3HjDAkIWD
|
||||
RVx0fVYGlUwy9zOWe2mGkBEZn5uyS0pGGxsMc19sTGjpKfpvTH/GdSQWDfi6RiFF
|
||||
0Wz7EcL88723Zr0sNwywGvTIsG6BsxgZmPYuf6ynjvxorJY2RAsEo4R96KO2Deqs
|
||||
jHQH/B693xPHj1qFBgHxcQuJlrWae2pGkd7Ayv66Xqx/nPolHcmuiS/O7uQYuO3U
|
||||
U3VUBBGmTOo1glf+9Qncoh1nFYfLPKghutr9WN4/884hjbZ5AYNbBuD2w1VTJUoU
|
||||
/ORpLBX4EDK1CISfZwRC2bGg9n6IuTKIaAYVZQIDAQABAoIBAA52Ufz3VCCdp8P7
|
||||
Mht9AU7Txolie0awO63yfRiN7H/uFMgOxBaJP5NLiagxB3Nd7Pa9LvEnuOXn0xC9
|
||||
/Twf8ju9u4+ceE48wFEInqsR/J+tLpsEET2JPfgzmVSGGQn0qH5KpjujJabQ35cj
|
||||
3s9SYWS3owMIaSdZgOHKCn8TwYykriGYgagV3c+tMdqDaqvrrWAu9mkCp9/MzREb
|
||||
X3XBJ9NE/5dlMeMfXJiRKvLc16hQCSrXVdCLLm3U3/sHncDKOEOF4kvEBR5ciXXN
|
||||
zXkuvbE4GKjC0rCGZtocbC2EkkHRMD96Y2cNwmNnWp0fJ0KOVYGw3S3YsWNMex0u
|
||||
n57vEUcCgYEAy+x9NB4pCF/5Va82yRYYRUZCyDWLAYAC7kJ933R2wugUgs8FUQzK
|
||||
xh0d7PuGDYB/zrsZfdQoZGmEbffZ/pze6pdIpaFKFnQoHPtS92aQdBPwyCdBnJUy
|
||||
cuVQekPBsDtRFSOaznzOej+bkFH43RujYjDPPRAIP2Oily20CRcXzb8CgYEAyFb6
|
||||
X2mQn2EM+vIxGIIUe09YsT9OhZyzI2TG4M4yvapFF8FVA5qZJTQh7mxJzlACev3J
|
||||
Rmrpo/36j4co9x8Ph9ojcQzd0qhiwYPaFc4sBjFRPm8k22+mf2zIm5VV1xHqML65
|
||||
ciGGCLxfBO+j1y0ktUL6g9QGwyr/0RaFo7UhrdsCgYBcEyipGqEeVe9Hn/hVrTNC
|
||||
PCo1Ke/cuocYO0+IUJa7BH0WXxEgem0oLMdxVFQ/znBm0JX++YdPZ1FTMeDtFLmW
|
||||
JL65gmzoXIQsKdJZQKcisko6pXb7k2YW+LFwsx1GTFIdAFmKuFGmYwgDju+WLj+E
|
||||
O1OnV5DRxlQIfKtYm2O1EwKBgHb1hrgPFAw/cZi1JUf7PbQ22mBtSe/2qzxyA9HL
|
||||
Pr/2kg5YA2Yfb55yxU8wx+aVBdQITHLe2xtAnX6KcF3E+NDfS7o+PJ1w1Ss5Ys8d
|
||||
3HBU6nwbPRR7yK7TZo9T7mPFxHzrU2yc0Vzwla91qKEFsk1blyueQ+Gx77M1H2el
|
||||
D3mPAoGAfd9V3aNVaNjjj/ILQlX6ypPeqWLjzsHRnsIedDXgGRh5/ZgXetSgp+f9
|
||||
MtZdaHkYiBMYJJXFqn3KcIaRGAgxQbaqnZtSmHpUg4AXDmxEbu01ryVjPIW/EvZb
|
||||
4oTikKQyUW8jqWS3irvxZga+nwJFNNYMyVgK+W29UYZzW53GMV4=
|
||||
-----END RSA PRIVATE KEY-----
|
20
doc/examples/ssl/demo-ca/3-www.example.org.crt
Normal file
20
doc/examples/ssl/demo-ca/3-www.example.org.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDVjCCAj6gAwIBAgIIKpxUKA9KjPcwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
|
||||
AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAa
|
||||
MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQC7IBurNJ8FFtPgMBX8n8wQuAypCfFucM3reIblnPpHsWifRlk/
|
||||
XrOmD1FDhErz4V38ouloS7q4jxAbbrPlLW93u4En5UZ5jPzN3T2h0vIrPl6sCKf1
|
||||
edEju5lu7WIcNUH8VF4j6kDP71LwBW99kdFrYHSRCtWIXeJrB1MLx7c9lekrm89/
|
||||
lz08UdGd7udJOcKDrsvsIj4cJYImHENLYB4LoWVMsiD7ap+zKud9Zf9YsRNG7XTT
|
||||
HtZSTdrgN5opAU/0vA10Jzp1S3HDfPL5+7Xw6Xq62ZJXOyAofpItxc9dGOOoNiZi
|
||||
wtYCMZwz2H3LujDgc5wMbPV9k1UxU/Y6QHrjAgMBAAGjgaMwgaAwDAYDVR0TAQH/
|
||||
BAIwADAdBgNVHQ4EFgQUDhDi+m6Iocrd9LJ6ZJBFMfsp3F0wHwYDVR0jBBgwFoAU
|
||||
SsSalxeTY1qmvFLILIS3gZ4ynGMwCwYDVR0PBAQDAgP4MCcGA1UdJQQgMB4GCCsG
|
||||
AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwgwGgYDVR0RBBMwEYIPd3d3LmV4YW1w
|
||||
bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBr03L9bIY5unzvN8psu+a410Gwgkma
|
||||
8D37SeJ23fV0FR0gemgIJsq0SoVRuwbHQMum1Rs9MC+fRIcN5UZGKDTb6WQIb+In
|
||||
1qnX3A5OU/rTOjkWELQLxJ+ejqJT86pHuODwpX+YME1nDo+3nmb/OLAzrXjgfY3j
|
||||
w5GCU4dobXU3RvbQAbvpw4ECOBPbuizq+fngIGmeJt7kcdJ6vZw3OvKlk451REGI
|
||||
gt3TrELsmvH7D2qNyPYgEn7ifdVKEbiMcFcHoMz/zZ2ZxlGSQ7YnWOZd0++uB2od
|
||||
iBWE+faUZ2ApEWEnX1FPcPIQ7x7dDvYHkmGVh0tAwXcgPs1NCX7rJcVF
|
||||
-----END CERTIFICATE-----
|
27
doc/examples/ssl/demo-ca/3-www.example.org.pem
Normal file
27
doc/examples/ssl/demo-ca/3-www.example.org.pem
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAuyAbqzSfBRbT4DAV/J/MELgMqQnxbnDN63iG5Zz6R7Fon0ZZ
|
||||
P16zpg9RQ4RK8+Fd/KLpaEu6uI8QG26z5S1vd7uBJ+VGeYz8zd09odLyKz5erAin
|
||||
9XnRI7uZbu1iHDVB/FReI+pAz+9S8AVvfZHRa2B0kQrViF3iawdTC8e3PZXpK5vP
|
||||
f5c9PFHRne7nSTnCg67L7CI+HCWCJhxDS2AeC6FlTLIg+2qfsyrnfWX/WLETRu10
|
||||
0x7WUk3a4DeaKQFP9LwNdCc6dUtxw3zy+fu18Ol6utmSVzsgKH6SLcXPXRjjqDYm
|
||||
YsLWAjGcM9h9y7ow4HOcDGz1fZNVMVP2OkB64wIDAQABAoIBAD+Cd0GVO397ru+B
|
||||
AoVaKuVlwg5BLKsCKDGKF6aor51TjiG4u6OxXaG3wyn6JYI+dCrBlBxsz3PCQoI9
|
||||
AVuAHzvw7LYAr/mjK04nj7pzoPOiWHlk+rRq4tuQ2VN3x/uw67NbYxQndlXccTa7
|
||||
cYqZygz6kLWFitGco7MVqk7uOrfwqu4O5GbktR4Vm6apEh2eFsSfgFE4LN3z7bbf
|
||||
A7dzePBy2BOEvy/CjNX5stkLKJuWzuVTcYXB82bqp/VsSXSQG9o/9VmR6OUhXWjA
|
||||
Clf+m3HqVmZ1IivOFz48LHVzvUj26AclvwwXkaGptbA6s08QWJMS2mpZlWbWNwzr
|
||||
Mqgl/3ECgYEA8xpGCQrxfw7LTI9sMVnQo3S1rbB23DMuP2PmX6Aad0U3eGSxrv6B
|
||||
RweXpb1Kduu8FeLMngihPjv/UsHJkNMX6IRILc2kLbRYoQOLdJ5k42bYzhDKYN33
|
||||
e8jr6twJJsCgva4DoLM0woZTvgaRzLJBzMWoL1BT6JJkKGUukgwCiskCgYEAxQ2S
|
||||
1oN1ZHc454y2bJ0JYg6c/MGEKHFjIRLKMMxwhNXQzOr8EzzwwF+5IsJORQfJNu+P
|
||||
DaFT/3QAuByKG+Dyx4C0ssIhj6u75g1Thzgv8qHwE6DYh1VUUYO656kFTtexlFyg
|
||||
gJPYXCOWPelSNNNQXbZTV929R1Wx95+LfqLqQksCgYEApmCj8ApqT3AbmVFLVddH
|
||||
YKc+tBnirz/j9gR0JZwYoOphVWds5/xNFATRN+B+NzeNKVloevwjBsnfK49vWUvv
|
||||
v/XQxHBKXfFg+wnHBtBk8fFwjk+VgohHmZNgSwO+y6PoHwkaeIBNqphudc5fOL4D
|
||||
JJdeTMtoMfMG01K0dcX8c2kCgYEAwE1n0GqIJNxoryfWW5bBMm2abNwZsjI9kGg6
|
||||
43aQFEJpu6FTER82wDZqgW5oXdukVTViQOYBCFpX3VUUvvI/W8zSC2WCxSfOfkrh
|
||||
CiQePsYkebNNvHzchZRt0WhUYsYCagwfInul+P1NwOuzKxRR6LJnEWe3MSeDP2n3
|
||||
A0XQIZMCgYAzubLPZnJjFihAX0M9k8Cjc+q6KKnA6Fp1JqnPmzoTO/r46o1shmCZ
|
||||
kRS8iqnKfTCW/MWGSPyRc0OubIVbR9hAdCZjR8wmeVdkiV+VfBRzxpcYpcZbxjmy
|
||||
6F0xz1Fv0UeKdjHQyb9UNO6Y1qVaNVVYo3tyD6VGaMdboddHPPxLDw==
|
||||
-----END RSA PRIVATE KEY-----
|
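--- a/doc/examples/ssl/demo-ca/Makefile
+++ b/doc/examples/ssl/demo-ca/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+intermediate_ca_certs := 1-CA-Internal.crt
+
+certs := $(patsubst %.pem,%.crt,$(sort $(wildcard *.pem)))
+target_certs := $(patsubst %.crt,%.chain.crt,$(certs))
+
+.PHONY: all
+all: $(target_certs)
+
+%.chain.crt: %.crt $(intermediate_ca_certs)
+cat $+ | tee $@ >/dev/null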
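Review bot: Nothing in this directory says the CA material is for demonstration only, although `0-CA-Root.key` and `1-CA-Internal.key` are committed next to this Makefile and `tls/ca/root-ca.crt` is what the README's `curl --cacert` commands trust. Anyone with the repository can issue certificates under this root, so it must never be imported into a system or browser trust store. A header comment here would make that explicit, for example `## demo CA: the private keys in this directory are public; use only with --cacert for local testing`. Separately, `cat $+ | tee $@ >/dev/null` can be written as `cat $+ > $@`.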
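--- a/doc/examples/ssl/site/http-site.conf
+++ b/doc/examples/ssl/site/http-site.conf
@@ -0,0 +1,33 @@
+server {
+listen 8443 ssl;
+
+server_name .example.org;
+
+ssl_certificate tls.d/example.org.chain.crt;
+ssl_certificate_key tls.d/example.org.pem;
+
+root static.d/example.org;
+}
+
+server {
+listen 8443 ssl;
+
+server_name www.example.org;
+
+ssl_certificate tls.d/www.example.org.chain.crt;
+ssl_certificate_key tls.d/www.example.org.pem;
+
+root static.d/www.example.org;
+}
+
+## optional: cut-off server
+server {
+listen 8443 ssl default_server bind deferred;
+
+server_name _;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+
+## reject connections early
+ssl_reject_handshake on;
+}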
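Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the cut-off block re-enables TLS 1.0 and 1.1, and because that block is the `default_server` for port 8443 the setting is not confined to it. In nginx the protocol version is negotiated before the server name is known, so the default server's `ssl_protocols` applies to every name-based server on the listener; Angie presumably inherits this. Whether the old versions are actually offered also depends on the OpenSSL build and security level in the image. If the wide list is only meant to let this block reject any client, add a comment saying so; otherwise use `ssl_protocols TLSv1.2 TLSv1.3;`. The README repeats the same block.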
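--- a/doc/examples/ssl/static/example.org/index.html
+++ b/doc/examples/ssl/static/example.org/index.html
@@ -0,0 +1,5 @@
+<hmtl>
+<body>
+<h1>This is main site.</h1>
+</body>
+</hmtl>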
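Review bot: The root element is spelled `<hmtl>` … `</hmtl>`; browsers will still render the page, but the tags should read `<html>` and `</html>`. `static/www.example.org/index.html` has the same typo.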
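--- a/doc/examples/ssl/static/www.example.org/index.html
+++ b/doc/examples/ssl/static/www.example.org/index.html
@@ -0,0 +1,5 @@
+<hmtl>
+<body>
+<h1>This is WWW site.</h1>
+</body>
+</hmtl>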
19
doc/examples/ssl/tls/ca/internal-ca.crt
Normal file
19
doc/examples/ssl/tls/ca/internal-ca.crt
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
|
||||
AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
|
||||
BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||
AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
|
||||
Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
|
||||
3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
|
||||
RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
|
||||
jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
|
||||
xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
|
||||
BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
|
||||
vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
|
||||
AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
|
||||
taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
|
||||
x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
|
||||
XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
|
||||
3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
|
||||
15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
|
||||
-----END CERTIFICATE-----
|
19
doc/examples/ssl/tls/ca/root-ca.crt
Normal file
19
doc/examples/ssl/tls/ca/root-ca.crt
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBjCCAe6gAwIBAgIITliyKcJbVmEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
|
||||
AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNjA5MTgyMzU5NTlaMBIxEDAO
|
||||
BgNVBAMTB0NBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP
|
||||
0HWgtUwQ+OMm30ANf8Iy4H3tfGnfrDd4oQXqMjuW6Eh0nxzlWMIcvrN1l2Y2QscI
|
||||
i+/6CNq6tirbkN3PIYFdboejROXPDRsh7ck+92PyJiEcbK0SbI/S/3bKGpeqmTy+
|
||||
HvbkMvzlUJ/+SH6FgU3sCkYga43QDE8DT3PRf0zd7mBF2ij/OXtv69JehdTJBDa2
|
||||
hW09Ivjfq5cHoMIEfIvTp8847TGIQDqU8k1N8A5brrU+2gHJ+H3GoV09ej5/cv6Q
|
||||
9FU9DE/mTW7iDHjNVNgq4JQXJWyCYH6TfoKet+/8Q1odhe+4dG22lO6EgHdp5IIN
|
||||
J5322FKKsuwZ1JhA/ZJ9AgMBAAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
|
||||
BBYEFDHRuuHS1LwoRcTtUhLcp+DaEa/IMAsGA1UdDwQEAwIBBjAfBgNVHSUEGDAW
|
||||
BgorBgEEAYI3CgMBBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAxRGAJ3nV
|
||||
/ycyml5mm4q330Mnsa8Rc0DoVaQXfEyIIBkgYD2dIhvjnA5cK6AVStAJ/16lx77T
|
||||
v5bG5/AyC2D7ISd8PLcpWrAtxo06cYM3OJjpWwl18oH1tS1L2hi6L8I2LNkW4TKQ
|
||||
yFjRCYJvsM2QUnRL99S4JKiXACDMCTP/ZP87fQvmfi4lXCnUlQqgtnCq0+iCwXVJ
|
||||
oR1SdOrmPz/NI23RA41U15LePwFuK5cTE0WhtyZej8ksv6V+5Z1aiIBTt/cMl+KH
|
||||
2K9dmO+dNp1DJeSaeH+8rsDd44FkPvDi1nMjm4G51U2JVrbjift70DM/Ia/DPH72
|
||||
bYJLgeFDhdfzMg==
|
||||
-----END CERTIFICATE-----
|
40
doc/examples/ssl/tls/example.org.chain.crt
Normal file
40
doc/examples/ssl/tls/example.org.chain.crt
Normal file
@ -0,0 +1,40 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDXTCCAkWgAwIBAgIIKr9NphMObcAwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
|
||||
AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAW
|
||||
MRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAJ+WCrO6ML91DNYfgzrc6XiZvOFNxBfbuPkPdFw6dx4wwJCFg0VcdH1W
|
||||
BpVMMvczlntphpARGZ+bsktKRhsbDHNfbExo6Sn6b0x/xnUkFg34ukYhRdFs+xHC
|
||||
/PO9t2a9LDcMsBr0yLBugbMYGZj2Ln+sp478aKyWNkQLBKOEfeijtg3qrIx0B/we
|
||||
vd8Tx49ahQYB8XELiZa1mntqRpHewMr+ul6sf5z6JR3Jrokvzu7kGLjt1FN1VAQR
|
||||
pkzqNYJX/vUJ3KIdZxWHyzyoIbra/VjeP/POIY22eQGDWwbg9sNVUyVKFPzkaSwV
|
||||
+BAytQiEn2cEQtmxoPZ+iLkyiGgGFWUCAwEAAaOBrjCBqzAMBgNVHRMBAf8EAjAA
|
||||
MB0GA1UdDgQWBBRrZV8OY2075agO7UQfsDcPKmt87TAfBgNVHSMEGDAWgBRKxJqX
|
||||
F5NjWqa8UsgshLeBnjKcYzALBgNVHQ8EBAMCA/gwJwYDVR0lBCAwHgYIKwYBBQUH
|
||||
AwEGCCsGAQUFBwMCBggrBgEFBQcDCDAlBgNVHREEHjAcggtleGFtcGxlLm9yZ4IN
|
||||
Ki5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEApijiwX+Y6XR25Z0yyv9P
|
||||
gAkZkE+X/rQuk+9PyuSXLWUg9x0p3G0RUwPHHwiUpYHnTmAf3iKoPHLltX+KxqkO
|
||||
W3Kx07TId5FmK8UrCZ+Xs1yuvMHtwdAvf8DA8QCaWSa8N9QeYmbzArjM8035j16+
|
||||
rFiMaO8mLEftqnVZksYt3pPWsus0UnhK9gnTw9PSxqWpC1EoTyiuDwTLdVqqYAeM
|
||||
oqqdpHfSFPBXmCRZc5dbptnrJmLiMHoVeeKjdYXLr1GgIVYPN+Dbldwb8gcIQ+TM
|
||||
zN+J7p0W7rHhsGSleackNlWWfodjnc0WHZWkyplg4W48V6KbLxsK+LOpvnuoy+mu
|
||||
vw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
|
||||
AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
|
||||
BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||
AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
|
||||
Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
|
||||
3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
|
||||
RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
|
||||
jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
|
||||
xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
|
||||
BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
|
||||
vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
|
||||
AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
|
||||
taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
|
||||
x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
|
||||
XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
|
||||
3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
|
||||
15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
|
||||
-----END CERTIFICATE-----
|
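--- a/doc/examples/ssl/tls/example.org.pem
+++ b/doc/examples/ssl/tls/example.org.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn5YKs7owv3UM1h+DOtzpeJm84U3EF9u4+Q90XDp3HjDAkIWD
+RVx0fVYGlUwy9zOWe2mGkBEZn5uyS0pGGxsMc19sTGjpKfpvTH/GdSQWDfi6RiFF
+0Wz7EcL88723Zr0sNwywGvTIsG6BsxgZmPYuf6ynjvxorJY2RAsEo4R96KO2Deqs
+jHQH/B693xPHj1qFBgHxcQuJlrWae2pGkd7Ayv66Xqx/nPolHcmuiS/O7uQYuO3U
+U3VUBBGmTOo1glf+9Qncoh1nFYfLPKghutr9WN4/884hjbZ5AYNbBuD2w1VTJUoU
+/ORpLBX4EDK1CISfZwRC2bGg9n6IuTKIaAYVZQIDAQABAoIBAA52Ufz3VCCdp8P7
+Mht9AU7Txolie0awO63yfRiN7H/uFMgOxBaJP5NLiagxB3Nd7Pa9LvEnuOXn0xC9
+/Twf8ju9u4+ceE48wFEInqsR/J+tLpsEET2JPfgzmVSGGQn0qH5KpjujJabQ35cj
+3s9SYWS3owMIaSdZgOHKCn8TwYykriGYgagV3c+tMdqDaqvrrWAu9mkCp9/MzREb
+X3XBJ9NE/5dlMeMfXJiRKvLc16hQCSrXVdCLLm3U3/sHncDKOEOF4kvEBR5ciXXN
+zXkuvbE4GKjC0rCGZtocbC2EkkHRMD96Y2cNwmNnWp0fJ0KOVYGw3S3YsWNMex0u
+n57vEUcCgYEAy+x9NB4pCF/5Va82yRYYRUZCyDWLAYAC7kJ933R2wugUgs8FUQzK
+xh0d7PuGDYB/zrsZfdQoZGmEbffZ/pze6pdIpaFKFnQoHPtS92aQdBPwyCdBnJUy
+cuVQekPBsDtRFSOaznzOej+bkFH43RujYjDPPRAIP2Oily20CRcXzb8CgYEAyFb6
+X2mQn2EM+vIxGIIUe09YsT9OhZyzI2TG4M4yvapFF8FVA5qZJTQh7mxJzlACev3J
+Rmrpo/36j4co9x8Ph9ojcQzd0qhiwYPaFc4sBjFRPm8k22+mf2zIm5VV1xHqML65
+ciGGCLxfBO+j1y0ktUL6g9QGwyr/0RaFo7UhrdsCgYBcEyipGqEeVe9Hn/hVrTNC
+PCo1Ke/cuocYO0+IUJa7BH0WXxEgem0oLMdxVFQ/znBm0JX++YdPZ1FTMeDtFLmW
+JL65gmzoXIQsKdJZQKcisko6pXb7k2YW+LFwsx1GTFIdAFmKuFGmYwgDju+WLj+E
+O1OnV5DRxlQIfKtYm2O1EwKBgHb1hrgPFAw/cZi1JUf7PbQ22mBtSe/2qzxyA9HL
+Pr/2kg5YA2Yfb55yxU8wx+aVBdQITHLe2xtAnX6KcF3E+NDfS7o+PJ1w1Ss5Ys8d
+3HBU6nwbPRR7yK7TZo9T7mPFxHzrU2yc0Vzwla91qKEFsk1blyueQ+Gx77M1H2el
+D3mPAoGAfd9V3aNVaNjjj/ILQlX6ypPeqWLjzsHRnsIedDXgGRh5/ZgXetSgp+f9
+MtZdaHkYiBMYJJXFqn3KcIaRGAgxQbaqnZtSmHpUg4AXDmxEbu01ryVjPIW/EvZb
+4oTikKQyUW8jqWS3irvxZga+nwJFNNYMyVgK+W29UYZzW53GMV4=
+-----END RSA PRIVATE KEY-----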
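Review bot: This file adds an RSA private key in the clear, as does doc/examples/ssl/tls/www.example.org.pem in the same change, and nothing in the visible sections marks either as a throwaway fixture. Once published, the keys and any certificate issued for them have to be treated as compromised, and a reader who copies the example tree into a deployment inherits them. I would add a README next to them with a line such as `Keys and certificates in this directory are public test fixtures; never deploy them or trust their issuing CA.`, and list the path in the secret scanner's allowlist so real findings stay visible. Generating the material with a script at use time would avoid committing keys altogether.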
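--- a/doc/examples/ssl/tls/www.example.org.chain.crt
+++ b/doc/examples/ssl/tls/www.example.org.chain.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAj6gAwIBAgIIKpxUKA9KjPcwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
+AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAa
+MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7IBurNJ8FFtPgMBX8n8wQuAypCfFucM3reIblnPpHsWifRlk/
+XrOmD1FDhErz4V38ouloS7q4jxAbbrPlLW93u4En5UZ5jPzN3T2h0vIrPl6sCKf1
+edEju5lu7WIcNUH8VF4j6kDP71LwBW99kdFrYHSRCtWIXeJrB1MLx7c9lekrm89/
+lz08UdGd7udJOcKDrsvsIj4cJYImHENLYB4LoWVMsiD7ap+zKud9Zf9YsRNG7XTT
+HtZSTdrgN5opAU/0vA10Jzp1S3HDfPL5+7Xw6Xq62ZJXOyAofpItxc9dGOOoNiZi
+wtYCMZwz2H3LujDgc5wMbPV9k1UxU/Y6QHrjAgMBAAGjgaMwgaAwDAYDVR0TAQH/
+BAIwADAdBgNVHQ4EFgQUDhDi+m6Iocrd9LJ6ZJBFMfsp3F0wHwYDVR0jBBgwFoAU
+SsSalxeTY1qmvFLILIS3gZ4ynGMwCwYDVR0PBAQDAgP4MCcGA1UdJQQgMB4GCCsG
+AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwgwGgYDVR0RBBMwEYIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBr03L9bIY5unzvN8psu+a410Gwgkma
+8D37SeJ23fV0FR0gemgIJsq0SoVRuwbHQMum1Rs9MC+fRIcN5UZGKDTb6WQIb+In
+1qnX3A5OU/rTOjkWELQLxJ+ejqJT86pHuODwpX+YME1nDo+3nmb/OLAzrXjgfY3j
+w5GCU4dobXU3RvbQAbvpw4ECOBPbuizq+fngIGmeJt7kcdJ6vZw3OvKlk451REGI
+gt3TrELsmvH7D2qNyPYgEn7ifdVKEbiMcFcHoMz/zZ2ZxlGSQ7YnWOZd0++uB2od
+iBWE+faUZ2ApEWEnX1FPcPIQ7x7dDvYHkmGVh0tAwXcgPs1NCX7rJcVF
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
+BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
+Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
+3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
+RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
+jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
+xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
+vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
+AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
+taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
+x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
+XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
+3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
+15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
+-----END CERTIFICATE-----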
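--- a/doc/examples/ssl/tls/www.example.org.pem
+++ b/doc/examples/ssl/tls/www.example.org.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuyAbqzSfBRbT4DAV/J/MELgMqQnxbnDN63iG5Zz6R7Fon0ZZ
+P16zpg9RQ4RK8+Fd/KLpaEu6uI8QG26z5S1vd7uBJ+VGeYz8zd09odLyKz5erAin
+9XnRI7uZbu1iHDVB/FReI+pAz+9S8AVvfZHRa2B0kQrViF3iawdTC8e3PZXpK5vP
+f5c9PFHRne7nSTnCg67L7CI+HCWCJhxDS2AeC6FlTLIg+2qfsyrnfWX/WLETRu10
+0x7WUk3a4DeaKQFP9LwNdCc6dUtxw3zy+fu18Ol6utmSVzsgKH6SLcXPXRjjqDYm
+YsLWAjGcM9h9y7ow4HOcDGz1fZNVMVP2OkB64wIDAQABAoIBAD+Cd0GVO397ru+B
+AoVaKuVlwg5BLKsCKDGKF6aor51TjiG4u6OxXaG3wyn6JYI+dCrBlBxsz3PCQoI9
+AVuAHzvw7LYAr/mjK04nj7pzoPOiWHlk+rRq4tuQ2VN3x/uw67NbYxQndlXccTa7
+cYqZygz6kLWFitGco7MVqk7uOrfwqu4O5GbktR4Vm6apEh2eFsSfgFE4LN3z7bbf
+A7dzePBy2BOEvy/CjNX5stkLKJuWzuVTcYXB82bqp/VsSXSQG9o/9VmR6OUhXWjA
+Clf+m3HqVmZ1IivOFz48LHVzvUj26AclvwwXkaGptbA6s08QWJMS2mpZlWbWNwzr
+Mqgl/3ECgYEA8xpGCQrxfw7LTI9sMVnQo3S1rbB23DMuP2PmX6Aad0U3eGSxrv6B
+RweXpb1Kduu8FeLMngihPjv/UsHJkNMX6IRILc2kLbRYoQOLdJ5k42bYzhDKYN33
+e8jr6twJJsCgva4DoLM0woZTvgaRzLJBzMWoL1BT6JJkKGUukgwCiskCgYEAxQ2S
+1oN1ZHc454y2bJ0JYg6c/MGEKHFjIRLKMMxwhNXQzOr8EzzwwF+5IsJORQfJNu+P
+DaFT/3QAuByKG+Dyx4C0ssIhj6u75g1Thzgv8qHwE6DYh1VUUYO656kFTtexlFyg
+gJPYXCOWPelSNNNQXbZTV929R1Wx95+LfqLqQksCgYEApmCj8ApqT3AbmVFLVddH
+YKc+tBnirz/j9gR0JZwYoOphVWds5/xNFATRN+B+NzeNKVloevwjBsnfK49vWUvv
+v/XQxHBKXfFg+wnHBtBk8fFwjk+VgohHmZNgSwO+y6PoHwkaeIBNqphudc5fOL4D
+JJdeTMtoMfMG01K0dcX8c2kCgYEAwE1n0GqIJNxoryfWW5bBMm2abNwZsjI9kGg6
+43aQFEJpu6FTER82wDZqgW5oXdukVTViQOYBCFpX3VUUvvI/W8zSC2WCxSfOfkrh
+CiQePsYkebNNvHzchZRt0WhUYsYCagwfInul+P1NwOuzKxRR6LJnEWe3MSeDP2n3
+A0XQIZMCgYAzubLPZnJjFihAX0M9k8Cjc+q6KKnA6Fp1JqnPmzoTO/r46o1shmCZ
+kRS8iqnKfTCW/MWGSPyRc0OubIVbR9hAdCZjR8wmeVdkiV+VfBRzxpcYpcZbxjmy
+6F0xz1Fv0UeKdjHQyb9UNO6Y1qVaNVVYo3tyD6VGaMdboddHPPxLDw==
+-----END RSA PRIVATE KEY-----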
@ -1,89 +1,41 @@
|
||||
#!/bin/sh
|
||||
set -ef
|
||||
|
||||
certifi_uri="https://raw.githubusercontent.com/certifi/python-certifi/${CERTIFI_COMMIT:?}/certifi/cacert.pem"
|
||||
dst_dir=/usr/local/share/ca-certificates
|
||||
|
||||
w=$(mktemp -d) ; : "${w:?}"
|
||||
w_cleanup() {
|
||||
[ -z "$w" ] || ls -lA "$w/"
|
||||
[ -z "$w" ] || ls -lA "$w/" >&2
|
||||
[ -z "$w" ] || rm -rf "$w"
|
||||
unset w
|
||||
exit "${1:-0}"
|
||||
}
|
||||
|
||||
curl -sSL "${certifi_uri}" > "$w/certifi.crt"
|
||||
|
||||
def_bundle='/etc/ssl/certs/ca-certificates.crt'
|
||||
|
||||
openssl-cert-auto-pem.sh "${def_bundle}" > "$w/cacert.pem"
|
||||
openssl-cert-auto-pem.sh "$w/certifi.crt" > "$w/certifi.pem"
|
||||
openssl-cert-auto-pem.sh "${def_bundle}" "$w/cacert.pem" "$w/cacert.fp"
|
||||
[ -s "$w/cacert.pem" ] || w_cleanup 1
|
||||
[ -s "$w/cacert.fp" ] || w_cleanup 1
|
||||
|
||||
openssl-cert-auto-pem.sh "$1" "$w/certifi.pem" "$w/certifi.fp" "$w/certifi.off"
|
||||
[ -s "$w/certifi.pem" ] || w_cleanup 1
|
||||
|
||||
bundle_offsets() {
|
||||
awk '
|
||||
BEGIN {
|
||||
OFS = ","
|
||||
m_begin="-----BEGIN CERTIFICATE-----"
|
||||
m_end="-----END CERTIFICATE-----"
|
||||
i_begin = 0
|
||||
}
|
||||
$0 == m_begin { i_begin = NR ; }
|
||||
$0 == m_end {
|
||||
if (i_begin > 0) {
|
||||
print i_begin,NR
|
||||
i_begin = 0
|
||||
}
|
||||
}
|
||||
' "$1"
|
||||
}
|
||||
|
||||
bundle_offsets "$w/cacert.pem" > "$w/cacert.off"
|
||||
bundle_offsets "$w/certifi.pem" > "$w/certifi.off"
|
||||
[ -s "$w/cacert.off" ] || w_cleanup 1
|
||||
[ -s "$w/certifi.fp" ] || w_cleanup 1
|
||||
[ -s "$w/certifi.off" ] || w_cleanup 1
|
||||
|
||||
bundle_fingerprints() {
|
||||
local a
|
||||
while read -r a ; do
|
||||
[ -n "$a" ] || continue
|
||||
|
||||
{
|
||||
sed -ne "${a}p" "$1" | openssl x509 -noout -fingerprint -sha256 \
|
||||
|| \
|
||||
sed -ne "${a}p" "$1" | openssl x509 -noout -fingerprint
|
||||
} | tr '[:upper:]' '[:lower:]'
|
||||
done < "$2"
|
||||
}
|
||||
|
||||
bundle_fingerprints "$w/cacert.pem" "$w/cacert.off" | sort -uV > "$w/cacert.fp"
|
||||
bundle_fingerprints "$w/certifi.pem" "$w/certifi.off" | sort -uV > "$w/certifi.fp"
|
||||
[ -s "$w/cacert.fp" ] || w_cleanup 1
|
||||
[ -s "$w/certifi.fp" ] || w_cleanup 1
|
||||
|
||||
set +e
|
||||
grep -Fxv -f "$w/cacert.fp" "$w/certifi.fp" > "$w/diff.fp"
|
||||
grep -Fxnv -f "$w/cacert.fp" "$w/certifi.fp" | cut -d : -f 1 > "$w/diff.ln"
|
||||
set -e
|
||||
|
||||
if [ -s "$w/diff.fp" ] ; then
|
||||
set +e
|
||||
grep -Fxn -f "$w/diff.fp" "$w/certifi.fp" | cut -d : -f 1 > "$w/records.diff"
|
||||
set -e
|
||||
|
||||
terse_fingerprint() {
|
||||
cut -d = -f 2- | tr -cd '[:alnum:]'
|
||||
}
|
||||
|
||||
mkdir "$w/extras"
|
||||
if [ -s "$w/diff.ln" ] ; then
|
||||
terse_fingerprint() { cut -d = -f 2- | tr -cd '[:alnum:]' ; }
|
||||
|
||||
while read -r n ; do
|
||||
[ -n "$n" ] || continue
|
||||
|
||||
fp=$(sed -ne "${n}p" "$w/certifi.fp" | terse_fingerprint)
|
||||
off=$(sed -ne "${n}p" "$w/certifi.off")
|
||||
sed -ne "${off}p" "$w/certifi.pem" | openssl x509 > "${dst_dir}/certifi-${fp}.crt"
|
||||
done < "$w/records.diff"
|
||||
sed -ne "${off}p" "$w/certifi.pem" > "${dst_dir}/certifi-${fp}.crt"
|
||||
done < "$w/diff.ln"
|
||||
fi
|
||||
|
||||
rm -rf "$w" ; unset w
|
||||
|
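Review bot: The extraction loop at the end of this script uses `fp` and `off` without checking that either is non-empty, while the matching loop in the other script touched by this commit gained `[ -n "${off}" ] || continue`. If line `n` is absent from `certifi.off`, `sed -ne "${off}p"` degrades to `sed -ne "p"` and writes the whole of `certifi.pem` into one `certifi-${fp}.crt` under `${dst_dir}`, which presumably feeds the system trust store. I would add `[ -n "${fp}" ] || continue` and `[ -n "${off}" ] || continue` before the final `sed`, or call `w_cleanup 1` there if a build should fail on inconsistent input. Which of the doubled lines belong to the new side is inferred from print order in this rendering.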
@ -30,34 +30,40 @@ while : ; do
|
||||
unset orig_ca_file
|
||||
[ -s "$w/all.pem" ] || break
|
||||
|
||||
openssl-cert-fingerprint.sh "$w/all.pem" | sort -uV > "$w/all.fp"
|
||||
[ -s "$w/all.fp" ] || break
|
||||
openssl-cert-auto-pem.sh "$w/all.pem" "$w/new.pem" "$w/new.fp" "$w/new.off"
|
||||
[ -s "$w/new.pem" ] || break
|
||||
[ -s "$w/new.fp" ] || break
|
||||
[ -s "$w/new.off" ] || break
|
||||
rm -f "$w/all.pem"
|
||||
|
||||
## leaving processing section
|
||||
rm -f "$w/processing"
|
||||
|
||||
unset dev_root dev_bundle dev_bundle_fp
|
||||
dev_root=$(env stat -c '%d' / )
|
||||
dev_bundle=$(env stat -L -c '%d' "${def_bundle}")
|
||||
dev_bundle_fp=$(env stat -L -c '%d' "${def_bundle_fp}")
|
||||
|
||||
unset def_bundle_bind_mount
|
||||
def_bundle_bind_mount=1
|
||||
while : ; do
|
||||
[ "${dev_root}" = "${dev_bundle}" ] || break
|
||||
[ "${dev_root}" = "${dev_bundle_fp}" ] || break
|
||||
[ "${dev_bundle}" = "${dev_bundle_fp}" ] || break
|
||||
unset devno_root devno_bundle devno_bundle_fp
|
||||
devno_root=$(env stat -c '%d' / )
|
||||
|
||||
[ -f "${def_bundle}" ] || break
|
||||
devno_bundle=$(env stat -L -c '%d' "${def_bundle}")
|
||||
[ "${devno_root}" = "${devno_bundle}" ] || break
|
||||
|
||||
[ -f "${def_bundle_fp}" ] || break
|
||||
devno_bundle_fp=$(env stat -L -c '%d' "${def_bundle_fp}")
|
||||
[ "${devno_root}" = "${devno_bundle_fp}" ] || break
|
||||
|
||||
def_bundle_bind_mount=0
|
||||
break ; done
|
||||
unset dev_root dev_bundle dev_bundle_fp
|
||||
unset devno_root devno_bundle devno_bundle_fp
|
||||
|
||||
if [ "${def_bundle_bind_mount}" = 1 ] ; then
|
||||
log_always "detected bind-mount inside ${def_bundle%/*}/"
|
||||
log_always "this is merely misuse!"
|
||||
|
||||
openssl-cert-auto-pem.sh "${def_bundle}" > "$w/cacert.pem"
|
||||
openssl-cert-fingerprint.sh "$w/cacert.pem" | sort -uV > "$w/cacert.fp"
|
||||
if [ -s "${def_bundle}" ] ; then
|
||||
openssl-cert-auto-pem.sh "${def_bundle}" "$w/cacert.pem" "$w/cacert.fp"
|
||||
fi
|
||||
else
|
||||
ln -s "${def_bundle}" "$w/cacert.pem"
|
||||
ln -s "${def_bundle_fp}" "$w/cacert.fp"
|
||||
@ -73,19 +79,10 @@ while : ; do
|
||||
break ; done
|
||||
|
||||
if [ "${with_def_bundle}" = 1 ] ; then
|
||||
grep -Fxv -f "$w/cacert.fp" "$w/all.fp" > "$w/diff.fp"
|
||||
[ -s "$w/diff.fp" ] || break
|
||||
|
||||
## entering processing section
|
||||
touch "$w/processing"
|
||||
|
||||
grep -Fxn -f "$w/diff.fp" "$w/all.fp" | cut -d : -f 1 > "$w/diff.lineno"
|
||||
[ -s "$w/diff.lineno" ] || break
|
||||
|
||||
## leaving processing section
|
||||
rm -f "$w/processing"
|
||||
grep -Fxnv -f "$w/cacert.fp" "$w/new.fp" | cut -d : -f 1 > "$w/diff.ln"
|
||||
[ -s "$w/diff.ln" ] || break
|
||||
else
|
||||
: > "$w/diff.lineno"
|
||||
: > "$w/diff.ln"
|
||||
fi
|
||||
|
||||
: > "${volume_root}/ca.pem"
|
||||
@ -99,9 +96,11 @@ while : ; do
|
||||
while read -r n ; do
|
||||
[ -n "$n" ] || continue
|
||||
|
||||
off=$(sed -ne "${n}p" "$w/all.off")
|
||||
sed -ne "${off}p" "$w/all.pem" | openssl x509
|
||||
done < "$w/diff.lineno" >> "${volume_root}/ca.pem"
|
||||
off=$(sed -ne "${n}p" "$w/new.off")
|
||||
[ -n "${off}" ] || continue
|
||||
|
||||
sed -ne "${off}p" "$w/new.pem"
|
||||
done < "$w/diff.ln" >> "${volume_root}/ca.pem"
|
||||
unset n off
|
||||
|
||||
set -a
|
||||
@ -110,10 +109,14 @@ while : ; do
|
||||
SSL_CERT_DIR="${empty_dir}"
|
||||
set +a
|
||||
break ; done
|
||||
unset def_bundle_bind_mount with_def_bundle
|
||||
unset def_bundle_fp def_bundle_bind_mount with_def_bundle
|
||||
|
||||
[ -f "${volume_root}/ca.pem" ] || ln -s "${def_bundle}" "${volume_root}/ca.pem"
|
||||
unset def_bundle def_bundle_fp
|
||||
while ! [ -f "${volume_root}/ca.pem" ] ; do
|
||||
[ -s "${def_bundle}" ] || break
|
||||
ln -s "${def_bundle}" "${volume_root}/ca.pem"
|
||||
break ; done
|
||||
unset def_bundle
|
||||
[ -f "${volume_root}/ca.pem" ] || : > "${volume_root}/ca.pem"
|
||||
|
||||
if [ -n "${w:-}" ] ; then
|
||||
if [ -f "$w/processing" ] ; then
|
||||
|
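Review bot: In the first hunk the bind-mount probe now leaves `def_bundle_bind_mount=1` whenever `${def_bundle}` or `${def_bundle_fp}` is not a regular file, because the added `[ -f ... ] || break` lines exit the loop before the flag is cleared. A missing or replaced bundle is then reported as "detected bind-mount ... this is merely misuse!", which points an operator debugging TLS trust failures at the wrong cause. I would test for the files before the probe and log that case on its own, e.g. `[ -f "${def_bundle}" ] || log_always "CA bundle is missing: ${def_bundle}"`. The last hunk likewise ends with `: > "${volume_root}/ca.pem"` and no message, so an empty trust store is created silently. The enclosing `while : ; do` block starts above the hunk.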
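--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,5 @@
+jinja2==3.1.4
+netaddr==1.3.0
+psutil==6.0.0
+pyyaml==6.0.2
+wcmatch==9.0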
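Review bot: The five pins use `==` only, so the install still accepts whatever artifact the index serves for that version. Adding hashes, e.g. `jinja2==3.1.4 --hash=sha256:<digest of the vetted artifact>`, and installing with `pip install --require-hashes -r requirements.txt` ties the image to the exact files that were reviewed. Hash-checking mode also requires the transitive dependencies (MarkupSafe for jinja2, bracex for wcmatch) to be listed and pinned. How this file is consumed is not visible in this section, so the install command may live elsewhere in the change.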
@ -13,38 +13,83 @@ me=${0##*/}
|
||||
|
||||
w=$(mktemp -d) || exit 1
|
||||
w_cleanup() {
|
||||
[ -z "$w" ] || ls -lA "$w/"
|
||||
[ -z "$w" ] || ls -lA "$w/" >&2
|
||||
[ -z "$w" ] || rm -rf "$w"
|
||||
unset w
|
||||
exit "${1:-0}"
|
||||
}
|
||||
|
||||
bundle_offsets() {
|
||||
awk '
|
||||
BEGIN { OFS = "," ; i_begin = 0 ; }
|
||||
$0 == "-----BEGIN CERTIFICATE-----" { i_begin = NR ; }
|
||||
$0 == "-----END CERTIFICATE-----" { if (i_begin > 0) { print i_begin,NR ; i_begin = 0 ; } }
|
||||
' "$1"
|
||||
}
|
||||
|
||||
bundle_fingerprints() {
|
||||
local x f
|
||||
while read -r x ; do
|
||||
[ -n "$x" ] || continue
|
||||
|
||||
f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint -sha256)
|
||||
[ -n "$f" ] || f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint)
|
||||
[ -n "$f" ] || continue
|
||||
|
||||
printf '%s\n' "$f" | tr '[:upper:]' '[:lower:]'
|
||||
done < "$2"
|
||||
}
|
||||
|
||||
openssl storeutl -certs "$1" > "$w/cert.pem" || w_cleanup 1
|
||||
[ -s "$w/cert.pem" ] || w_cleanup 1
|
||||
tr -s '\r\n' '\n' < "$w/cert.pem" > "$w/cert.txt"
|
||||
[ -s "$w/cert.txt" ] || w_cleanup 1
|
||||
rm -f "$w/cert.pem"
|
||||
|
||||
awk '
|
||||
BEGIN {
|
||||
OFS = ","
|
||||
m_begin="-----BEGIN CERTIFICATE-----"
|
||||
m_end="-----END CERTIFICATE-----"
|
||||
i_begin = 0
|
||||
}
|
||||
$0 == m_begin { i_begin = NR ; }
|
||||
$0 == m_end {
|
||||
if (i_begin > 0) {
|
||||
print i_begin,NR
|
||||
i_begin = 0
|
||||
}
|
||||
}
|
||||
' "$w/cert.txt" > "$w/cert.offsets"
|
||||
[ -s "$w/cert.offsets" ] || w_cleanup 1
|
||||
bundle_offsets "$w/cert.txt" > "$w/cert.off"
|
||||
[ -s "$w/cert.off" ] || w_cleanup 1
|
||||
|
||||
while read -r a ; do
|
||||
[ -n "$a" ] || continue
|
||||
bundle_fingerprints "$w/cert.txt" "$w/cert.off" > "$w/cert.fp.all"
|
||||
[ -s "$w/cert.fp.all" ] || w_cleanup 1
|
||||
|
||||
sed -ne "${a}p" "$w/cert.txt"
|
||||
done < "$w/cert.offsets"
|
||||
sort -uV < "$w/cert.fp.all" > "$w/cert.fp"
|
||||
while read -r fp ; do
|
||||
[ -n "${fp}" ] || continue
|
||||
|
||||
n=$(grep -m1 -Fxn -e "${fp}" "$w/cert.fp.all" | cut -d : -f 1)
|
||||
[ -n "$n" ] || continue
|
||||
|
||||
off=$(sed -ne "${n}p" "$w/cert.off")
|
||||
[ -n "${off}" ] || continue
|
||||
|
||||
sed -ne "${off}p" "$w/cert.txt"
|
||||
done < "$w/cert.fp" > "$w/cert.pem"
|
||||
[ -s "$w/cert.pem" ] || w_cleanup 1
|
||||
rm -f "$w/cert.txt" "$w/cert.off" "$w/cert.fp.all"
|
||||
|
||||
if [ -n "$2" ] ; then
|
||||
while : ; do
|
||||
if [ -e "$2" ] ; then
|
||||
[ -f "$2" ] || break
|
||||
fi
|
||||
cat > "$2"
|
||||
break ; done
|
||||
else
|
||||
cat
|
||||
fi < "$w/cert.pem"
|
||||
|
||||
while [ -n "$3" ] ; do
|
||||
if [ -e "$3" ] ; then
|
||||
[ -f "$3" ] || break
|
||||
fi
|
||||
cat "$w/cert.fp" > "$3"
|
||||
break ; done
|
||||
|
||||
while [ -n "$4" ] ; do
|
||||
if [ -e "$4" ] ; then
|
||||
[ -f "$4" ] || break
|
||||
fi
|
||||
bundle_offsets "$w/cert.pem" > "$4"
|
||||
break ; done
|
||||
|
||||
rm -rf "$w" ; unset w
|
||||
|
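Review bot: `bundle_fingerprints` drops an entry when both `openssl x509` calls return nothing (`[ -n "$f" ] || continue`), but the loop further down maps a fingerprint back to its certificate by position: the line number `n` found in `cert.fp.all` is used as the line number in `cert.off`. One skipped entry shifts every later line, so fingerprints get paired with the wrong PEM block in the output bundle and in the `$3`/`$4` files that callers use to decide which certificates to add to a trust store. Either abort at that point (`[ -n "$f" ] || w_cleanup 1`) or emit the offset on the same line as the fingerprint so the pairing does not depend on line order. The fallback call without `-sha256` uses openssl's default digest, which would not compare equal to SHA-256 lines from another bundle. The script's first twelve lines are outside the hunk.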
@ -1,52 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -f
|
||||
|
||||
[ $# -gt 0 ] || exit 0
|
||||
me=${0##*/}
|
||||
|
||||
[ -n "$1" ] || exit 1
|
||||
[ -f "$1" ] || {
|
||||
env printf '%s: not a file or does not exist: %q\n' "${me}" "$1" >&2
|
||||
exit 1
|
||||
}
|
||||
[ -s "$1" ] || exit 0
|
||||
|
||||
w=$(mktemp -d) || exit 1
|
||||
w_cleanup() {
|
||||
[ -z "$w" ] || ls -lA "$w/"
|
||||
[ -z "$w" ] || rm -rf "$w"
|
||||
unset w
|
||||
exit "${1:-0}"
|
||||
}
|
||||
|
||||
openssl-cert-auto-pem.sh "$1" > "$w/cert.pem" || w_cleanup 1
|
||||
[ -s "$w/cert.pem" ] || w_cleanup 1
|
||||
|
||||
awk '
|
||||
BEGIN {
|
||||
OFS = ","
|
||||
m_begin="-----BEGIN CERTIFICATE-----"
|
||||
m_end="-----END CERTIFICATE-----"
|
||||
i_begin = 0
|
||||
}
|
||||
$0 == m_begin { i_begin = NR ; }
|
||||
$0 == m_end {
|
||||
if (i_begin > 0) {
|
||||
print i_begin,NR
|
||||
i_begin = 0
|
||||
}
|
||||
}
|
||||
' "$w/cert.pem" > "$w/cert.off"
|
||||
[ -s "$w/cert.off" ] || w_cleanup 1
|
||||
|
||||
while read -r a ; do
|
||||
[ -n "$a" ] || continue
|
||||
|
||||
{
|
||||
sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint -sha256 \
|
||||
|| \
|
||||
sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint
|
||||
} | tr '[:upper:]' '[:lower:]'
|
||||
done < "$w/cert.off"
|
||||
|
||||
w_cleanup 0
|